Billions of Windows and Linux Systems Affected by Critical GRUB2 Bootloader Vulnerability

Researchers have discovered a critical vulnerability, dubbed BootHole, that affects most Windows devices and Linux distributions that use the GRUB2 bootloader with Secure Boot. This critical GRUB2 bootloader vulnerability can bypass Secure Boot and let an attacker gain control over the system.

What is Secure boot?

Secure Boot is a feature of UEFI (Unified Extensible Firmware Interface) that uses cryptographic signatures to verify the integrity of each piece of code as it is needed during the boot process. When enabled and fully configured, Secure Boot helps a computer resist attacks and infection from malware.

Secure Boot ensures that a device boots using only software that is trusted by the Original Equipment Manufacturer (OEM).


Critical GRUB2 Bootloader Vulnerability

The vulnerability was discovered by researchers from Eclypsium. BootHole is a buffer overflow vulnerability that affects all versions of GRUB2 and can allow an attacker to break the hardware-rooted chain of trust.

The BootHole vulnerability is tracked as CVE-2020-10713. If an attacker successfully exploits it, they can bypass the Secure Boot feature and gain high-privileged, persistent and stealthy access to the targeted systems.

The researchers found that the GRUB2 configuration file, grub.cfg, is a plain-text file that, unlike the executable components, is not signed. An attacker who can modify it can therefore trigger arbitrary code execution inside GRUB2, take control of how the operating system is booted, and bypass Secure Boot.


“The buffer overflow allows the attacker to gain arbitrary code execution within the UEFI execution environment, which could be used to run malware, alter the boot process, directly patch the OS kernel, or execute any number of other malicious actions,” researchers said.

The researchers also said that the vulnerability is even more critical because the attacker can run malicious code before the operating system boots, which makes it difficult for antivirus software to detect and remove it.

Updates and Patches Wouldn’t Resolve the Issue

The Eclypsium researchers have already contacted the major vendors and manufacturers to patch the flaw, but simply applying a patch will not resolve it, because an attacker can replace the patched bootloader with a still-signed vulnerable one.

According to the researchers, completely removing the flaw requires new bootloaders to be signed and deployed, and the vulnerable bootloaders to be revoked, so that the vulnerable versions can no longer be used in an attack.
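The revocation step above relies on the UEFI forbidden-signature database (dbx). As an added example, not Eclypsium's or any vendor's code, the following parses a dbx blob and checks whether a given bootloader hash is on the revocation list. It assumes the Linux efivars path shown, and that the hashes compared are Authenticode PE hashes (what dbx stores), not raw SHA-256 file hashes; the sample dbx is constructed inline.

```python
"""Parse UEFI EFI_SIGNATURE_LIST chains (as found in dbx) and test for revoked hashes."""
import struct
import uuid

# GUID marking an entry as a SHA-256 Authenticode hash (from the UEFI spec).
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
# Linux exposes the dbx variable here; the file starts with a 4-byte attributes word.
DBX_EFIVAR = "/sys/firmware/efi/efivars/dbx-d719b2cb-3d3a-4596-a3bc-dad00e67656f"

def parse_signature_lists(blob: bytes):
    """Yield (signature_type, owner_guid, data) for each entry across all lists."""
    off = 0
    while off + 28 <= len(blob):
        sig_type = uuid.UUID(bytes_le=blob[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", blob, off + 16)
        if list_size < 28 or sig_size < 16 or off + list_size > len(blob):
            raise ValueError("truncated or malformed EFI_SIGNATURE_LIST")
        pos = off + 28 + hdr_size          # skip the optional SignatureHeader
        end = off + list_size
        while pos + sig_size <= end:       # each signature = owner GUID + data
            owner = uuid.UUID(bytes_le=blob[pos:pos + 16])
            yield sig_type, owner, blob[pos + 16:pos + sig_size]
            pos += sig_size
        off = end

def revoked_sha256_hashes(blob: bytes) -> set:
    """All SHA-256 hashes the database forbids, as lowercase hex."""
    return {d.hex() for t, _, d in parse_signature_lists(blob) if t == EFI_CERT_SHA256_GUID}

def is_revoked(authenticode_sha256_hex: str, blob: bytes) -> bool:
    return authenticode_sha256_hex.lower() in revoked_sha256_hashes(blob)

def build_sha256_list(hashes, owner=uuid.UUID(int=0)) -> bytes:
    """Build one EFI_SIGNATURE_LIST of SHA-256 entries (used to construct sample data)."""
    body = b"".join(owner.bytes_le + bytes.fromhex(h) for h in hashes)
    header = EFI_CERT_SHA256_GUID.bytes_le + struct.pack("<III", 28 + len(body), 0, 16 + 32)
    return header + body

# Constructed sample dbx: two made-up hashes standing in for revoked bootloader builds.
SAMPLE_REVOKED = ["11" * 32, "22" * 32]
SAMPLE_DBX = build_sha256_list(SAMPLE_REVOKED)

def load_dbx_from_efivars(path: str = DBX_EFIVAR) -> bytes:
    """Read the live dbx on a Linux system, dropping the efivars attribute prefix."""
    with open(path, "rb") as f:
        return f.read()[4:]

if __name__ == "__main__":
    print(is_revoked("11" * 32, SAMPLE_DBX))   # True for the constructed sample
```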

Microsoft also acknowledged the flaw and said it is “working to complete validation and compatibility testing of a required Windows Update that addresses this vulnerability.”

Vendors that have released or announced patches for the vulnerability include Red Hat (Fedora and RHEL), Canonical (Ubuntu), SUSE (SLES and openSUSE), Debian, VMware, Microsoft and HP.


Satender Kumar

A tech blogger who is always fascinated with technology and gathers as much knowledge as possible from the internet. Loves to share that knowledge with others.
